FDA defines Data Integrity as data, which is complete, consistent and accurate. It further defines data integrity as data, which is –
A – Attributable
L – Legible
C – Contemporaneous
O – Original
(Source: Data Integrity and Compliance with CGMP Guidance for Industry, a Draft Guidance Document published by FDA in April 2016)
Regulatory requirement of data Integrity is not new. However, with the recent increase in violations of Current Good Manufacturing Practice (cGMP), there is increased regulatory focus on the integrity of computer, and paper-based data. Data integrity is significant from the standpoint of safety, efficacy, and quality of drugs, which are out in the market. It is an important part of pharmaceutical industry’s responsibility towards protection of public health.
Reviewing FDA’s numerous warning letters, import alerts and consent decrees leads one to conclude that current focus is on systems that can generate quality controlled data. This means data integrity is ensured at the source itself. Since many early regulatory citations relate to fraudulent behavior, it is also important that systems detect and report such behavior.
There are two important aspects to data integrity, one is the accuracy of generated data, and the other is protecting data from un-authorized changes. The systems (manual or computerized) must ensure that data is validated at the time of recording, and after it is processed. Critical authorizations must be in place to ensure that data is not tampered with accidentally or intentionally.
To ensure data integrity across the organization, it is necessary to implement processes that can establish, maintain and review data integrity always. Following measures are recommended to mitigate the data integrity risk –
Create Awareness – Employees at all levels in the organization must be made familiar with the importance of data integrity. They must know the influence of the data under their charge has on data integrity. Awareness can be created by conducting simple training sessions to highlight the importance of data integrity, their responsibility towards data handled by them, accountability and consequences of integrity breaches.
Process Standardization–This would ensure a common understanding of terms and concepts given in regulatory guidance. This step should also include proper interpretation of regulations, internal procedures, terminology and levels of risk.
Quality Control – This step would ensure compliance by identifying any gaps between laid down processes and regulatory requirements. This step will highlight compliance issues, and the possible risk associated with each process. In addition to risk assessment, for each category of risk, thresholds levels for risk mitigation and action required should be defined.
Risk Assessment – Complete risk determination will provide the basis for implementing new controls in addition to already existing ones. The level of risk would help in deciding technical or procedural controls. Once implemented, the system, controls, and data should be reviewed at a pre-defined frequency depending on the risk level and criticality.
Audit Trail –FDA expects a review of an audit trail is done before each batch is released. It is important to ascertain what the review would accomplish the review is carried out. Review of audit trails to establish data integrity requires a prior definition of critical items to be reviewed. Audit trails should record the events insufficient granularity to ensure meaningful and valuable reviews.
We can say that data gathering and processing system used in pharmaceutical industry is growing rapidly. The data generated is directly proportional to the number of products manufactured by the industry. There are several standalone and integrated /interfaced systems, which complicate the matter. Implementation of data integrity standards and its implementation are crucial for the safety of patients and quality of health care.